Unrated severityNVD Advisory· Published Mar 16, 2020· Updated Aug 4, 2024
CVE-2020-6586
CVE-2020-6586
Description
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Nagios/Log Serverdescription
- Range: =2.1.3
Patches
Vulnerability mechanics
References
3- assets.nagios.com/downloads/nagios-log-server/CHANGES.TXTmitrex_refsource_MISC
- medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60mitrex_refsource_MISC
- www.nagios.com/products/nagios-log-server/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.